Fix escaping in email query

This commit is contained in:
Omar Roth 2019-11-04 12:26:05 -05:00
parent f6ef0b684a
commit 7b2ca55089
No known key found for this signature in database
GPG key ID: B8254FB7EC3D37F2
2 changed files with 3 additions and 3 deletions

View file

@ -3389,7 +3389,7 @@ post "/feed/webhook/:token" do |env|
if emails.empty? if emails.empty?
values = "'{}'" values = "'{}'"
else else
values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}" values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
end end
PG_DB.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})") PG_DB.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")

View file

@ -281,7 +281,7 @@ def fetch_channel(ucid, db, pull_all_videos = true, locale = nil)
if emails.empty? if emails.empty?
values = "'{}'" values = "'{}'"
else else
values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}" values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
end end
db.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})") db.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")
@ -349,7 +349,7 @@ def fetch_channel(ucid, db, pull_all_videos = true, locale = nil)
if emails.empty? if emails.empty?
values = "'{}'" values = "'{}'"
else else
values = "VALUES #{emails.map { |id| %(('#{id}')) }.join(",")}" values = "VALUES #{emails.map { |email| %((E'#{email.gsub({'\'' => "\\'", '\\' => "\\\\"})}')) }.join(",")}"
end end
db.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})") db.exec("UPDATE users SET feed_needs_update = true WHERE email = ANY(#{values})")